
    Do I Need MDM?

    Here is how to figure out whether you need MDM, and what the April 2026 patching rules mean for you.

    Jamf · IRU (Kandji) · Intune · Apple Business Manager

    • 20+: Devices Where MDM Pays Off
    • 15 min: Zero-Touch Setup Per Device
    • 14 Days: CE Patch Deadline (2026)
    • £4-6: IRU (Kandji) Per Device/Month

    What device management actually means

    Device management (often called MDM, for Mobile Device Management) is software that lets you control, configure, and secure company devices from one location. It covers laptops, phones, and tablets. You can push software updates, enforce security policies, deploy apps, and remotely wipe a device if lost or stolen.

    Without it, every device is managed individually. Someone on your team sets up each laptop by hand, installs the right apps, configures the settings, and hopes nothing goes wrong. That works fine for 5 people but stops working around 20.

    Signs you need MDM

    • 20+ devices: Manual setup at this scale causes discrepancies and gaps.
    • Sensitive data: Client data, financial records, and health information require remote wipe to be enabled on your devices.
    • Compliance requirements: ISO 27001, SOC 2, and Cyber Essentials all ask about endpoint security.
    • Regular onboarding: Zero-touch deployment ensures new hires are ready on day one.
    • Mixed fleet: Mac and Windows together require double the configuration work.

    Signs you do not need it yet

    There is no magic number. A 5-person team with encrypted Macs and up-to-date software is already doing the basics. You can hold off on formalising it when:

    • You have fewer than 15 devices with no compliance requirements.
    • Employee turnover is minimal, so manual setup is manageable.
    • No client or auditor has asked about your device security posture.

    In that case, a basic security checklist (full disk encryption, screen lock, up-to-date OS, antivirus) applied manually to each device is often sufficient. Revisit the decision when your team grows or a client asks about your endpoint controls.

    Want to check your current device security?

    Our free IT audit covers device management, encryption, and endpoint compliance.


    What zero-touch deployment means

    Zero-touch deployment is the part of MDM that companies find most useful. When you buy a new Mac through Apple Business Manager, you can configure it to automatically enrol in your MDM the first time it powers on. The device installs the right apps, applies the correct security settings, and is ready to use without IT involvement.

    This means you can ship devices directly to remote employees. No IT setup visit. No "here is a 20-step guide to configure your laptop." The employee turns it on, signs in, and everything is ready. Our device management case study covers how this works at scale.

    MDM licensing

    Most MDM platforms charge per device per month. Volobyte negotiates volume pricing and bundles MDM with your existing Microsoft or Apple agreements.

    You get the same platform at a better price with expert configuration.


    MDM platforms compared

    • IRU (Kandji): Mac-focused. Simple, modern UI. Strong zero-touch. From £4/device/mo.
    • Jamf Pro: Most established Mac MDM. Widest feature set. From £6/device/mo.
    • Intune: Best for Windows. Included with M365 Business Premium.

    BYOD: should you allow it?

    Bring Your Own Device sounds appealing because it saves hardware costs. In practice, it creates problems. Personal devices mix personal and company data. You cannot enforce the same security policies on a device that is also used for personal browsing. If the device is compromised, your company data is at risk.

    If you must support BYOD, MDM can separate work data into a managed container on the personal device. But company-owned devices are always the cleaner, more secure option. The initial hardware cost is usually offset by lower support costs and fewer security incidents.

    It is not just for big companies

    MDM sounds like something for 500-person companies with a dedicated IT team. It is not. Every company with laptops faces device management problems. The difference is scale.

    A well-configured setup requires little day-to-day management. The key is starting right and progressing as you grow.

    Progressive device management roadmap

    01. Security Checklist (under 15 devices): Full disk encryption, screen lock, OS updates, and antivirus. Manual but effective for under 15 devices.

    02. Apple Business Manager or Autopilot (any size): Register devices centrally. No MDM yet, but you own the hardware identity. Foundation for everything else.

    03. MDM Lite (20-50 devices): Kandji or Intune basics: enforce encryption, push updates, deploy core apps. Fits 20 to 50 devices.

    04. Full Fleet Management (50+ devices): Zero-touch deployment, conditional access, compliance baselines, automated patching, remote wipe. For scaling past 50 devices or meeting compliance.

    Volobyte guides you through each stage. Start with a checklist, graduate to MDM when it makes sense. No unnecessary spending.


    Compliance is not just for companies that need it

    Compliance frameworks describe what secure endpoints look like. Build towards them and you are secure by default, whether or not you pursue certification. You do not need to be audit-ready on day one. But if your device setup follows these principles from the start, you will not need to retrofit controls later.

    UK Deadline

    Cyber Essentials 2026

    From April 2026, Cyber Essentials v3.3 requires that critical and high-risk security updates be installed within 14 days of release. Miss that window and you auto-fail certification.

    Without MDM, you cannot verify this across your fleet. MDM platforms provide real-time patch status, automated update enforcement, and compliance dashboards.
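
An added example, not Volobyte's code or any MDM vendor's API: one way to check a device inventory export against the 14-day window described above, including updates that were installed but missed the window. The record fields, severity labels, device and update names, and the 3-day warning margin are assumptions, and the sample inventory is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

PATCH_WINDOW = timedelta(days=14)   # window stated on this page
IN_SCOPE = {"critical", "high"}     # assumed labels for in-scope severities
WARN_BEFORE = timedelta(days=3)     # assumption: early-warning margin

@dataclass(frozen=True)
class UpdateRecord:
    device: str
    update: str
    severity: str
    released: date
    installed: Optional[date] = None  # None = still pending

def classify(rec: UpdateRecord, today: date) -> str:
    """Return the record's status against the 14-day window."""
    if rec.severity.lower() not in IN_SCOPE:
        return "out-of-scope"
    deadline = rec.released + PATCH_WINDOW
    if rec.installed is not None:
        return "compliant" if rec.installed <= deadline else "installed-late"
    if today > deadline:
        return "overdue"
    return "due-soon" if deadline - today <= WARN_BEFORE else "pending"

def fleet_findings(records, today):
    """Map device -> [(update, status)] for everything needing attention."""
    findings = {}
    for rec in records:
        status = classify(rec, today)
        if status in ("overdue", "installed-late", "due-soon"):
            findings.setdefault(rec.device, []).append((rec.update, status))
    return findings

# Constructed sample inventory (hypothetical device and update names).
TODAY = date(2026, 5, 20)
SAMPLE = [
    UpdateRecord("mac-01", "os-update-a", "critical", date(2026, 5, 1)),
    UpdateRecord("mac-02", "browser-update-b", "high", date(2026, 5, 8)),
    UpdateRecord("win-01", "os-update-a", "critical", date(2026, 5, 1), date(2026, 5, 10)),
    UpdateRecord("win-02", "driver-update-c", "low", date(2026, 4, 1)),
    UpdateRecord("win-03", "os-update-d", "high", date(2026, 4, 20), date(2026, 5, 10)),
]

if __name__ == "__main__":
    for device, items in sorted(fleet_findings(SAMPLE, TODAY).items()):
        for update, status in items:
            print(f"{device}: {update} -> {status}")
```

The "installed-late" status matters for evidence: a device that is patched today can still show a missed window in its history.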

    US Standard

    SOC 2 and HIPAA

    SOC 2 and HIPAA both require endpoint security controls: encryption, patching, access controls, and asset inventory. MDM provides auditable evidence for all of these.

    Even if you never pursue the audit, building towards these standards means your endpoint controls are defensible, documented, and ready for due diligence.


    That is the difference between building right and bolting on security after the fact. We provide controls and evidence to support audits and questionnaires. Certification decisions sit with your auditor.

    Need help with MDM?

    Book a free 20-minute call. We will scope your fleet, recommend the right platform, and give you a straight answer on cost.

    Device Management FAQs

    What is MDM and why do I need it?

    Mobile Device Management (MDM) secures and manages all company devices centrally. Without it, you have no visibility into device security, can't enforce policies, and risk data breaches from lost or compromised devices.

    How long does implementation take?

    Most implementations take 4-8 weeks depending on fleet size and complexity. Simple Mac-only deployments can be faster; hybrid Mac/Windows environments take longer.

    Can you manage both Mac and Windows?

    Yes. We use the right tool for each platform: Intune for Windows, IRU (Kandji)/Jamf/Mosyle for Mac. Both managed from a unified strategy.

    Should we go Mac or Windows?

    Controversial opinion: Mac. The upfront cost is higher, but total cost of ownership is usually lower. Macs need less support, fewer repairs, last longer, and spend less time fighting malware. Windows works fine when managed properly, but if you're starting fresh or scaling, the 'Macs are expensive' line is often a misconception. Run the numbers. We're happy to help.

    What happens when devices are lost or stolen?

    With MDM, you can remotely wipe company data within minutes. No more days of panic wondering what data was exposed.

    How does zero-touch deployment work?

    Devices ship directly to employees pre-configured. When they sign in, policies, apps, and security settings apply automatically. No IT intervention needed.

    Will this disrupt employees during rollout?

    Some. It depends on your current state. Clean fleets with new devices see almost no friction. Legacy setups with manual configs, outdated OS versions, or unmanaged apps will need more hands-on work. We phase rollouts and pilot first, but we won't pretend it's invisible if your fleet needs cleanup.

    Do you support BYOD?

    We can, but we strongly discourage it. BYOD creates security gaps, complicates compliance, and blurs the line between personal and company data. If you must support it, MDM can separate work data on personal devices. But company-owned devices are always the cleaner, safer option.

    How does MDM integrate with our identity provider?

    Modern MDM integrates seamlessly with Okta, Entra ID, and Google Workspace. Devices are tied to user identity for conditional access.

    What about mobile phones and tablets?

    MDM covers iOS, Android, iPads, and more. Same policies, same visibility, same security across your entire device fleet.

    How do I know which pricing model is right?

    We work it out with you. All projects include discovery, so we scope your fleet before quoting. Defined projects get fixed pricing. Growing fleets benefit from managed services.

    How much does Apple MDM cost per device?

    Apple MDM pricing varies by platform: IRU (Kandji) starts around £4-6 per device/month, Jamf Pro is typically £6-10 per device/month, and Mosyle is often the most cost-effective at £2-4 per device/month. Microsoft Intune is included with certain Microsoft 365 plans. We help you choose based on your fleet size, security requirements, and budget.

    What is zero-touch deployment for Apple devices?

    Zero-touch deployment means new Macs and iPhones ship directly to employees pre-configured via Apple Business Manager. When the user powers on and signs in, the device automatically enrols in your MDM, installs required apps, and applies security policies. No IT intervention required. Users are productive on day one.

    Can you manage enterprise Mac fleets remotely?

    Yes. Modern MDM platforms like IRU (Kandji), Jamf, and Mosyle provide complete remote management for Mac fleets. You can push software updates, enforce security policies, deploy applications, and remotely wipe lost devices, all without physical access. This works for distributed teams across multiple countries.
